SIEMENS CERT
08/12/2025
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to …
SIEMENS CERT
08/12/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …
SIEMENS CERT
08/12/2025
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …
SIEMENS CERT
08/12/2025
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are …
US CERT
07/29/2025
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable from a local network Vendor : Mitsubishi Electric Equipment : CNC Series Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS Vulnerabilities : Use of Uninitialized Variable, Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Network Thermostat Equipment : X-Series WiFi thermostats Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 3. TECHNICAL …